[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

bleeding at ...3254...
Tue Feb 6 13:00:05 EST 2007


[***] Results from Oinkmaster started Tue Feb  6 18:00:05 2007 [***]

[+++]          Added rules:          [+++]

 2003390 - BLEEDING-EDGE Malware SurfAccuracy.com Spyware Updating (bleeding-malware.rules)
 2003391 - BLEEDING-EDGE Malware SurfAccuracy.com Spyware Pulling Ads (bleeding-malware.rules)
 2003392 - BLEEDING-EDGE TROJAN Warezov/Stration Communicating with Controller (bleeding-virus.rules)
 2003393 - BLEEDING-EDGE Malware My Search Spyware Config Download 3 (bleeding-malware.rules)
 2003394 - BLEEDING-EDGE MALWARE User Agent Containing http\:// - Possible Spyware (bleeding-malware.rules)
 2003396 - BLEEDING-EDGE MALWARE Mysearch.com/Morpheus Bar Spyware User-Agent (bleeding-malware.rules)
 2003397 - BLEEDING-EDGE MALWARE Zango Seekmo Bar Spyware User-Agent (Seekmo Toolbar) (bleeding-malware.rules)
 2003398 - BLEEDING-EDGE MALWARE Morpheus Spyware Install User-Agent (SmartInstaller) (bleeding-malware.rules)
 2003399 - BLEEDING-EDGE MALWARE Spyhealer Fake Anti-Spyware Install User-Agent (SpyHealer) (bleeding-malware.rules)


[---]  Disabled and modified rules:  [---]

 2003381 - BLEEDING-EDGE POLICY McAfee Update User Agent -NOT HOSTILE- (McAfee AutoUpdate) (bleeding-policy.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (1):
        #By Matt Jonkman from spywarelp data

     -> Added to bleeding-sid-msg.map (10):
        2003381 || BLEEDING-EDGE POLICY McAfee Update User Agent -NOT HOSTILE- (McAfee AutoUpdate)
        2003390 || BLEEDING-EDGE Malware SurfAccuracy.com Spyware Updating || url,www.symantec.com/security_response/writeup.jsp?docid=2005-062716-0109-99
        2003391 || BLEEDING-EDGE Malware SurfAccuracy.com Spyware Pulling Ads || url,www.symantec.com/security_response/writeup.jsp?docid=2005-062716-0109-99
        2003392 || BLEEDING-EDGE TROJAN Warezov/Stration Communicating with Controller || url,www.avira.com/en/threats/section/fulldetails/id_vir/3242/tr_dldr.warezov.df.html || url,www.sophos.com/security/analyses/w32strationbo.html
        2003393 || BLEEDING-EDGE Malware My Search Spyware Config Download 3
        2003394 || BLEEDING-EDGE MALWARE User Agent Containing http\:// - Possible Spyware
        2003396 || BLEEDING-EDGE MALWARE Mysearch.com/Morpheus Bar Spyware User-Agent
        2003397 || BLEEDING-EDGE MALWARE Zango Seekmo Bar Spyware User-Agent (Seekmo Toolbar)
        2003398 || BLEEDING-EDGE MALWARE Morpheus Spyware Install User-Agent (SmartInstaller)
        2003399 || BLEEDING-EDGE MALWARE Spyhealer Fake Anti-Spyware Install User-Agent (SpyHealer)

     -> Added to bleeding-virus.rules (1):
        #Matt Jonkman, strangely enough from spyware listening post hits

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (1):
        2003381 || BLEEDING-EDGE POLICY McAfee Update User Agent (McAfee AutoUpdate)




